[kernel] r13743 - in dists/lenny/linux-2.6/debian: . patches/bugfix/sparc patches/series

Dann Frazier dannf at alioth.debian.org
Tue Jun 9 06:21:09 UTC 2009 

Author: dannf
Date: Tue Jun  9 06:20:58 2009
New Revision: 13743

Log:
[sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
(CVE-2009-1914)

Added:
   dists/lenny/linux-2.6/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/16

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog	Tue Jun  9 01:05:44 2009	(r13742)
+++ dists/lenny/linux-2.6/debian/changelog	Tue Jun  9 06:20:58 2009	(r13743)
@@ -42,6 +42,8 @@
     kernels (closes: #529312)
   * Fix soft lockups caused by one md resync blocking on another due
     to sharing the same device (closes: #514627)
+  * [sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
+    (CVE-2009-1914)
   
   [ Ben Hutchings ]
   * sata_nv: avoid link reset on controllers where it's broken

Added: dists/lenny/linux-2.6/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch	Tue Jun  9 06:20:58 2009	(r13743)
@@ -0,0 +1,34 @@
+commit 192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c
+Author: Mikulas Patocka <mpatocka at redhat.com>
+Date:   Wed Mar 18 23:53:16 2009 -0700
+
+    sparc64: Fix crash with /proc/iomem
+    
+    When you compile kernel on Sparc64 with heap memory checking and type
+    "cat /proc/iomem", you get a crash, because pointers in struct
+    resource are uninitialized.
+    
+    Most code fills struct resource with zeros, so I assume that it is
+    responsibility of the caller of request_resource to initialized it,
+    not the responsibility of request_resource functuion.
+    
+    After 2.6.29 is out, there could be a check for uninitialized fields
+    added to request_resource to avoid crashes like this.
+    
+    Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/sparc64/kernel/pci_common.c linux-source-2.6.26/arch/sparc64/kernel/pci_common.c
+--- linux-source-2.6.26.orig/arch/sparc64/kernel/pci_common.c	2009-05-11 12:06:56.000000000 -0600
++++ linux-source-2.6.26/arch/sparc64/kernel/pci_common.c	2009-06-09 00:05:23.000000000 -0600
+@@ -368,7 +368,7 @@ static void pci_register_iommu_region(st
+ 	const u32 *vdma = of_get_property(pbm->prom_node, "virtual-dma", NULL);
+ 
+ 	if (vdma) {
+-		struct resource *rp = kmalloc(sizeof(*rp), GFP_KERNEL);
++		struct resource *rp = kzalloc(sizeof(*rp), GFP_KERNEL);
+ 
+ 		if (!rp) {
+ 			prom_printf("Cannot allocate IOMMU resource.\n");

Modified: dists/lenny/linux-2.6/debian/patches/series/16
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/16	Tue Jun  9 01:05:44 2009	(r13742)
+++ dists/lenny/linux-2.6/debian/patches/series/16	Tue Jun  9 06:20:58 2009	(r13743)
@@ -12,3 +12,4 @@
 + bugfix/all/drivers-net-r8169-multicast-8101-8168.patch
 + bugfix/all/drivers-acpi-asus_acpi-unsupported-models.patch
 + bugfix/all/drivers-net-wireless-iwl4965-scan-cancel.patch
++ bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch

More information about the Kernel-svn-changes mailing list